4421 matches found

NVD
added 2010/07/12 5:30 p.m., 13 views

CVE-2010-2698

Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; t...

CVSS 3.5, AI score 5.3, EPSS 0.01237
Exploits 1, References 4
NVD
added 2010/07/12 5:30 p.m., 17 views

CVE-2010-2695

Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified...

CVSS 6.5, AI score 6.5, EPSS 0.01878
Exploits 0, References 5
CVE
added 2010/07/12 5:0 p.m., 50 views

CVE-2010-2448

CVE-2010-2448 affects ZNC prior to 0.092. A remote authenticated user can trigger a denial-of-service crash by requesting traffic statistics while there is an active unauthenticated connection, due to a NULL pointer dereference in znc.cpp. Upstream fix exists (0.092+). Debian/DSA-2069-1 and Fedor...

CVSS 3.5, AI score 6.4, EPSS 0.02063
Exploits 0, References 11, Affected Software 1
CVE
added 2010/07/02 8:0 p.m., 66 views

CVE-2004-2769

Cerberus FTP Server before 4.0.3.0 is vulnerable. Remote authenticated users can list hidden files even when the Display hidden files option is disabled via MLSD/MLST commands. The Nessus NASL plugin for Cerberus FTP Server MLSD and MLST Command Hidden Files Security Bypass confirms affected vers...

CVSS 4, AI score 6.5, EPSS 0.01501
Exploits 0, References 4, Affected Software 1
CVE
added 2010/06/23 5:13 p.m., 48 views

CVE-2010-2426

Titan FTP Server (TitanFTPd)

CVSS 4, AI score 6.4, EPSS 0.1226
Exploits 3, References 5, Affected Software 1
Cvelist
added 2010/06/07 8:0 p.m., 29 views

CVE-2010-1848

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name...

AI score 8.9, EPSS 0.03119
Exploits 1, References 15
Prion
added 2010/05/28 8:30 p.m., 13 views

Deserialization of untrusted data

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do...

CVSS 6.5, AI score 7, EPSS 0.02307
Exploits 1, References 5, Affected Software 2
Cvelist
added 2010/05/27 7:0 p.m., 14 views

CVE-2010-0596

Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain...

AI score 6.2, EPSS 0.02107
Exploits 0, References 5
Cvelist
added 2010/05/27 7:0 p.m., 24 views

CVE-2010-0597

Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the...

AI score 6.3, EPSS 0.03632
Exploits 0, References 6
ATTACKERKB
added 2010/05/26 7:30 p.m., 5 views

CVE-2010-2026

The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page...

CVSS 6.4, AI score 5.7, EPSS 0.02357
Exploits 2, References 3
RedHat Linux
added 2010/05/26 2:57 p.m., 3 views

mysql: COM_FIELD_LIST table name buffer overflow

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name...

CVSS 6, AI score 6.3, EPSS 0.21789
Exploits 1, References 4
NVD
added 2010/05/25 6:30 p.m., 11 views

CVE-2010-2048

Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5, AI score 5.4, EPSS 0.00868
Exploits 0, References 5
Debian
added 2010/05/25 11:24 a.m., 37 views

[Backports-security-announce] Security Update for postgresql-8.4

Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problems: CVE-2010-1169 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict...

CVSS 8.5, AI score 7.6, EPSS 0.04081
Exploits 2
ATTACKERKB
added 2010/05/21 8:30 p.m., 3 views

CVE-2010-2011

Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents...

CVSS 4, AI score 5.6, EPSS 0.10741
Exploits 0, References 5
CVE
added 2010/05/21 8:0 p.m., 39 views

CVE-2010-2011

Microsoft Dynamics GP is affected by CVE-2010-2011, where a substitution cipher used to encrypt the system password field (and unspecified other fields) can allow remote authenticated users to decrypt content and obtain sensitive information. The vulnerability stems from weak/encryption method us...

CVSS 4, AI score 6.1, EPSS 0.10741
Exploits 0, References 3, Affected Software 1
Prion
added 2010/05/19 6:30 p.m., 20 views

Code injection

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER ...

CVSS 5.5, AI score 6.7, EPSS 0.02658
Exploits 1, References 15, Affected Software 1
CVE
added 2010/05/14 7:24 p.m., 91 views

CVE-2010-1624

The CVE-2010-1624 issue affects Pidgin (libpurple) MSN protocol plugin, specifically the msn_emoticon_msg function in slp.c. It allows remote authenticated users to trigger a denial of service via a specially crafted SLP message containing a malformed emoticon, causing a NULL pointer dereference ...

CVSS 5, AI score 6.9, EPSS 0.05586
Exploits 0, References 14, Affected Software 1
0day.today
added 2010/05/06 12:0 a.m., 29 views

OCS Inventory NG Server <= 1.3.1 (login) Remote Authentication Bypass

Exploit for php platform in category web applications. OCS Inventory NG Server OCS Inventory NG function $id return document.getElementByIdid; function $$id return $id.options$id.options.selectedIndex.value; function bypass...

AI score 7.1
Exploits 0
exploitpack
added 2010/05/06 12:0 a.m., 20 views

OCS Inventory NG Server 1.3.1 - LOGIN Remote Authentication Bypass

OCS Inventory NG Server 1.3.1 - LOGIN Remote Authentication Bypass OCS Inventory NG = 1.3.1 login Remote Authentication Bypass function $id return document.getElementByIdid; function $$id return $id.options$id.options.selectedIndex.value; function bypass $'log'.action = $'ocsreports'.value +...

AI score 0.4
Exploits 0
Exploit DB
added 2010/05/06 12:0 a.m., 28 views

OCS Inventory NG Server 1.3.1 - 'LOGIN' Remote Authentication Bypass

OCS Inventory NG = 1.3.1 login Remote Authentication Bypass function $id return document.getElementByIdid; function $$id return $id.options$id.options.selectedIndex.value; function bypass $'log'.action = $'ocsreports'.value + $$'meth' + '?lang=' + $$'lang'; if $$'type' == 0 $'login'.value = "'...

AI score 7.4
Exploits 0